Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls
Descripción del Articulo
In the current context of increasing cyber threats to Latin American IT service providers, the cost of data breaches is expected to increase 31% by 2023, which highlights the urgency of strengthening security practices. Therefore, it is proposed to improve maturity in access management, with the dev...
| Autores: | , , |
|---|---|
| Formato: | artículo |
| Fecha de Publicación: | 2024 |
| Institución: | Universidad Peruana de Ciencias Aplicadas |
| Repositorio: | UPC-Institucional |
| Lenguaje: | inglés |
| OAI Identifier: | oai:repositorioacademico.upc.edu.pe:10757/676108 |
| Enlace del recurso: | http://hdl.handle.net/10757/676108 |
| Nivel de acceso: | acceso embargado |
| Materia: | Information Access Managemen ISO/IEC 27001 |
| id |
UUPC_3da194ad3d7ce926c99ca3351bd1c822 |
|---|---|
| oai_identifier_str |
oai:repositorioacademico.upc.edu.pe:10757/676108 |
| network_acronym_str |
UUPC |
| network_name_str |
UPC-Institucional |
| repository_id_str |
2670 |
| dc.title.es_PE.fl_str_mv |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| title |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| spellingShingle |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls Huaman, Sergio Information Access Managemen ISO/IEC 27001 |
| title_short |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| title_full |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| title_fullStr |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| title_full_unstemmed |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| title_sort |
Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controls |
| author |
Huaman, Sergio |
| author_facet |
Huaman, Sergio Ponce, Luis Wong, Lenis |
| author_role |
author |
| author2 |
Ponce, Luis Wong, Lenis |
| author2_role |
author author |
| dc.contributor.author.fl_str_mv |
Huaman, Sergio Ponce, Luis Wong, Lenis |
| dc.subject.es_PE.fl_str_mv |
Information Access Managemen ISO/IEC 27001 |
| topic |
Information Access Managemen ISO/IEC 27001 |
| description |
In the current context of increasing cyber threats to Latin American IT service providers, the cost of data breaches is expected to increase 31% by 2023, which highlights the urgency of strengthening security practices. Therefore, it is proposed to improve maturity in access management, with the development of a model based on ISO/IEC 27001:2022 designed for Peruvian IT service providers. The study consists of three stages: analysis, design, and validation. In the first stage, a comparative analysis is made between success factors, cybersecurity aspects, maturity models and access management mechanisms. The second and third stages cover the model building phases according to De Bruin's methodology. In the second stage, the evaluation scope, and the level structure according to CMMI are defined as well as the criteria of the model where the evaluation is based on a user life cycle, type of access and regulatory compliance. Finally, in the third stage, the model is validated by experts in the field and deployed in an enterprise in the sector. The results obtained from the validation showed that 'understandability', 'usefulness and practicality', 'accuracy', 'comprehensiveness', 'sufficiency', 'relevance', 'usability' and 'accuracy' obtained an average rating of 4.6 (agree). Finally, with respect to the implementation of the proposed model, the elimination phase had a maturity index of 0.14, which placed it at an initial maturity level. On the other hand, the other phases exceeded an index of 0.55, placing them in the three highest levels of maturity achievable. In this way, an improvement proposal for the enterprise was made and accepted. |
| publishDate |
2024 |
| dc.date.accessioned.none.fl_str_mv |
2024-10-14T15:02:05Z |
| dc.date.available.none.fl_str_mv |
2024-10-14T15:02:05Z |
| dc.date.issued.fl_str_mv |
2024-01-01 |
| dc.type.es_PE.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| dc.identifier.issn.none.fl_str_mv |
23057254 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/10757/676108 |
| dc.identifier.journal.es_PE.fl_str_mv |
Conference of Open Innovation Association, FRUCT |
| dc.identifier.eid.none.fl_str_mv |
2-s2.0-85193377025 |
| dc.identifier.scopusid.none.fl_str_mv |
SCOPUS_ID:85193377025 |
| identifier_str_mv |
23057254 Conference of Open Innovation Association, FRUCT 2-s2.0-85193377025 SCOPUS_ID:85193377025 |
| url |
http://hdl.handle.net/10757/676108 |
| dc.language.iso.es_PE.fl_str_mv |
eng |
| language |
eng |
| dc.rights.es_PE.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
| eu_rights_str_mv |
embargoedAccess |
| dc.format.es_PE.fl_str_mv |
application/html |
| dc.publisher.es_PE.fl_str_mv |
IEEE Computer Society |
| dc.source.none.fl_str_mv |
reponame:UPC-Institucional instname:Universidad Peruana de Ciencias Aplicadas instacron:UPC |
| instname_str |
Universidad Peruana de Ciencias Aplicadas |
| instacron_str |
UPC |
| institution |
UPC |
| reponame_str |
UPC-Institucional |
| collection |
UPC-Institucional |
| dc.source.journaltitle.none.fl_str_mv |
Conference of Open Innovation Association, FRUCT |
| dc.source.beginpage.none.fl_str_mv |
259 |
| dc.source.endpage.none.fl_str_mv |
266 |
| bitstream.url.fl_str_mv |
https://repositorioacademico.upc.edu.pe/bitstream/10757/676108/1/license.txt |
| bitstream.checksum.fl_str_mv |
8a4605be74aa9ea9d79846c1fba20a33 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 |
| repository.name.fl_str_mv |
Repositorio académico upc |
| repository.mail.fl_str_mv |
upc@openrepository.com |
| _version_ |
1846066053375852544 |
| spelling |
321c53d54edb7380a4232188ddf450cc3008a4f50c2674e60172cfdeddca3a5f3ccf1524a3bbf68b7e2680e1ab2f7ba0bfd500Huaman, SergioPonce, LuisWong, Lenis2024-10-14T15:02:05Z2024-10-14T15:02:05Z2024-01-0123057254http://hdl.handle.net/10757/676108Conference of Open Innovation Association, FRUCT2-s2.0-85193377025SCOPUS_ID:85193377025In the current context of increasing cyber threats to Latin American IT service providers, the cost of data breaches is expected to increase 31% by 2023, which highlights the urgency of strengthening security practices. Therefore, it is proposed to improve maturity in access management, with the development of a model based on ISO/IEC 27001:2022 designed for Peruvian IT service providers. The study consists of three stages: analysis, design, and validation. In the first stage, a comparative analysis is made between success factors, cybersecurity aspects, maturity models and access management mechanisms. The second and third stages cover the model building phases according to De Bruin's methodology. In the second stage, the evaluation scope, and the level structure according to CMMI are defined as well as the criteria of the model where the evaluation is based on a user life cycle, type of access and regulatory compliance. Finally, in the third stage, the model is validated by experts in the field and deployed in an enterprise in the sector. The results obtained from the validation showed that 'understandability', 'usefulness and practicality', 'accuracy', 'comprehensiveness', 'sufficiency', 'relevance', 'usability' and 'accuracy' obtained an average rating of 4.6 (agree). Finally, with respect to the implementation of the proposed model, the elimination phase had a maturity index of 0.14, which placed it at an initial maturity level. On the other hand, the other phases exceeded an index of 0.55, placing them in the three highest levels of maturity achievable. In this way, an improvement proposal for the enterprise was made and accepted.application/htmlengIEEE Computer Societyinfo:eu-repo/semantics/embargoedAccessInformation Access ManagemenISO/IEC 27001Maturity Model for Information Access Management of Peruvian IT Service Providers based on ISO/IEC 27001 and CMMI Security Controlsinfo:eu-repo/semantics/articleConference of Open Innovation Association, FRUCT259266reponame:UPC-Institucionalinstname:Universidad Peruana de Ciencias Aplicadasinstacron:UPCLICENSElicense.txtlicense.txttext/plain; charset=utf-81748https://repositorioacademico.upc.edu.pe/bitstream/10757/676108/1/license.txt8a4605be74aa9ea9d79846c1fba20a33MD51false10757/676108oai:repositorioacademico.upc.edu.pe:10757/6761082024-10-14 15:02:08.125Repositorio académico upcupc@openrepository.comTk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo= |
| score |
13.924177 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
